MAIDSTONE EAST DISTRICT SCOUTS COUNCIL

What is this Privacy Notice/Policy?

This Data Privacy Notice/Policy describes the categories of personal data Maidstone East District Scout Council process and for what purposes Maidstone East District Scout Council are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Notice/Policy applies to members, parents/guardians of youth members, volunteers, employees, contractors, suppliers, supporters, donors and members of the public who will make contact with Maidstone East District Scout Council

Who are We?

Maidstone East District Scout Councilare The Data Controller for a registered charity with the Charity Commission for England & Wales; charity number1022013. Maidstone East District Scout Council is the Executive Committee who are appointed at an Annual General Meeting and are Charity Trustees.  The Chair of the Charity Trustees is Pam Mead email [email protected]

From this point on Maidstone East District Scout Councilwill be referred to as “we”.

Being a small charity, we are not required to appoint a Data Protection Officer.   

The Data we may process

  • The majority of the personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members verbally or in paper form, digital form or via our online membership system Compass. In the case of adult members and volunteers, data may also be provided by third parties, such as the England & Wales – Disclosure and Barring Service (DBS),

Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

We may collect the following personal information:

  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Date of birth – so that we can ensure young people are allocated to the appropriate Section for their age and that adults are old enough to take on an appointment with Scouting.
  • Gender – so that we can address individuals correctly and accommodate for any specific needs.
  • Emergency contact information – so that we are able to contact someone in the event of an emergency.
  • Government identification numbers e.g. national insurance, driving licence, passport – to be able to process volunteer criminal record checks.
  • Bank Account if Gift Aid
  • Training records – so that members can track their progression through the Scout programme or adult training scheme.
  • Race or ethnic origin – so that we can make suitable arrangements based on members cultural needs.
  • Health records – so that we can make suitable arrangements based on members medical needs.

Criminal records checks – to ensure Scouting is a safe space for young people and adults.

The lawful basis we process your data by

We comply with our obligations under the GDPR and DPA 2018 by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

In most cases the lawful basis for processing will be through the performance of a contract for personal data of our adult volunteers and legitimate interest for personal data of our youth members. Sensitive (special category) data for both adult volunteers and our youth members will mostly align to the lawful basis of legitimate activities of an association.  Explicit consent is requested from parents/guardians to take photographs of our members. On occasion we may use legitimate interest to process photographs where it is not practical to gather and maintain consent such as large-scale events. On such occasions we will make it clear that this activity will take place and give individuals the opportunity to exercise their data subject rights.

We use personal data for the following purposes:

  • to provide information about Scout meetings, activities, training  courses and events to our members and other volunteers in Maidstone East Scout District Council
  • to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution
  • to administer membership records
  • to fundraise and promote the interests of Scouting
  • to manage our volunteers
  • to maintain our own accounts and records (including the processing of gift aid applications)
  • to inform you of news, events, activities and services being run or attended by Maidstone East District Scout Council
  • to ensure and evidence your suitability if volunteering for a role in Scouting
  • to contact your next of kin in the event of an emergency
  • to ensure you have and maintain the correct qualifications and skills.

We use personal sensitive (special) data for the following purposes:

  • for the protection of a person’s health and safety whilst in the care of Maidstone East District Scout Council
  • to respect a person’s religious beliefs with regards to activities, food and holidays

            for equal opportunity monitoring and reporting.

Our retention periods

We will keep certain types of information for different periods of time in line with our retention policy. 

Storing and Destroying Documents Policy

All forms need to be appropriately stored to ensure that any personal data is secure and protected. This requires taking sensible precautions to make sure that they cannot be inappropriately viewed or accessed by anyone.

These precautions include: making sure that the premises on which the forms are kept in a locked location where possible; and ensuring the safety of the forms when not being stored (e.g. using appropriate postage when sending between people and making sure forms are not left unattended at meetings.)

How should they be safely destroyed?

The forms should also be safely destroyed (timescales as per the guidance below) to remove

 all personal information. Shredding is an example of an appropriate method.

Please note: This advice on storing and destroying forms has been taken from the Information Commissioner’s Office, Data Protection Good Practice Note: Security of Personal Information, and should be read in conjunction with the information in that document.

1: The Adult Information Form

The AI form needs to be retained locally until a full appointment has been recorded; i.e. when all approval checks are complete and any Getting Started training has been completed. This should mean that the form is stored for no longer than twelve months, and then destroyed.

2: The Adult Information Form for An Occasional Helper

The AI Form needs to be retained until the Criminal Records Disclosure (i.e. DBS or Access NI Form) has been issued. This should mean that the form is normally stored for no longer than two months, and then destroyed.

3: The Adult Information is used for Repeat CRB Check

The AI Form needs to be retained until written notification of DBS Disclosure is received. This should mean that the form is normally stored for no longer than three months, and then destroyed.

4: The Appointment Review (AR) Form

The AR Form should be retained locally, by the Appointments Secretary (or whoever the appropriate person is) as part of an adult’s record until the next review has been completed. The form should be sent to the individual and their line manager (or person carrying out the review) before the Review period is due.

The new AR Form then replaces the old one. This means that a single AR Form should be stored for no longer than five years, and then destroyed.

5: The Reference (RF) Form

The RF Form should be retained locally until a decision has been made as to whether or not to appoint.

If you decide to appoint, the forms should be destroyed as soon as that decision is made and the individual’s record has been updated with this information.

If you decide not to appoint, due to an unsatisfactory reference, the RF Form should be sent to the Records Manager at Gilwell Park along with any other relevant information regarding the decision not to appoint, within one week of the decision being made.

This means that the form should not be kept for longer than one month from the date at which a decision is made and then either destroyed, or sent to Headquarters.

6: The Cancellation/Suspension (CS) Form

The CS Form should be used to inform of the cancellation of an individual’s appointment for an unsatisfactory reason or in order to suspend an individual from Scouting. The completed form (including any relevant information regarding the decision to cancel or suspend that person) must be sent to the Records Manager at Gilwell Park. This means that the form should not be kept for longer than a week before it is sent to Headquarters.

7: Approval Panel meeting notes

Appointments Advisory Committee members may make notes about the applicant as a result of the approval meeting and should record significant points about the decision.

If it decides to appoint, any notes should be destroyed as soon as that decision is made and the individual’s record has been updated with this information.

If you decide not to appoint, all notes should be sent to the Records Manager at Gilwell Park along with any other relevant information regarding the decision not to appoint, within one week of the decision being made.

8: Suspension

When ending a period of suspension the Appointments Advisory Committee may meet the adult involved and make a recommendation about the status of their suspension. Copies of all communication that relates to the suspension (by email, letter or phone), Committee meeting notes and copies of any decisions made, must be forwarded to the Records Manager at Gilwell Park, within one week of the Appointments Advisory Committee meeting.

9: Young Person’s Details

Awards records are retained for 3 months when they leave in case they want to return and continue.

10: Gift Aid Data

Needs to be retained for 7 years to meet audit requirements by HMRC

The Scout Association’s Data Protection Policy can be found here and the Data Privacy Notice here.

Sharing your Information

Young people and other data subjects

We will normally only share personal information with adult volunteers holding an appointment in the Maidstone East District Scout Council

We will share the personal data of youth members and their parents/guardians with The Scout Association Headquarters for the purpose of managing safeguarding cases. The privacy and security notice for The Scout Association can be found here:  The sharing of this data will be via the Online Scout Manager platform which is used by Maidstone East District Scout Councilto manage youth membership. The privacy and security notice for OSM can be found here: https://www.onlinescoutmanager.co.uk/srcurity.html

Adult volunteers

We will normally only share personal information with adult volunteers holding appropriate appointments within the line management structure of The Scout Association for the Maidstone East District Scout Councilas well as with The Scout Association Headquarters as data controllers in common.

All data subjects

We will however share your personal information with others outside of Maidstone East District Scout Council where we need meet a legal obligation. This may include The Scout Association and its insurance subsidiary (Unity Insurance Services), local authority services and law enforcement.  We will only share your personal information to the extent needed for those purposes.

We will only share your data with third parties outside of the organisation where there is a legitimate reason to do so.

We will never sell your personal information to any third party.

Sometimes we may nominate a member for national awards, (such as Scouting awards or Duke of Edinburgh awards) such nominations would require us to provide contact details to that organisation.

Where personal data is shared with third parties we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

How we store your personal data

We generally store personal information in the following ways:

Compass – is the online membership system of The Scout Association, this system is used for the collection and storage of adult volunteer personal data.

Online Scout Manager – is the online membership system of Online Youth Manager, this system is used for the collection and storage of youth member personal data.

Other digital systems –   Microsoft Office, Cloud and Outlook (Microsoft Office 365)

In addition adult volunteers will hold some personal data on local spreadsheets/databases.

Printed records and data held while attending events – paper is sometimes used to capture and retain some data for example:

  • Gift Aid administration
  • Event registration
  • Health and contact records forms (for events)
  • Events coordination with event organisers

Paper records for events are used rather than relying on secure digital systems, as often the events are held where internet and digital access will not be available.  We will minimise the use of paper to only what is required for the event

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

How we provide this policy

A link to this website page is provided to those whose data is being processed by us.  A printed version is also available on request.

Your rights

As a Data Subject, you have the right to object to how we process your personal information.  You also have the right to access, correct, sometimes delete and restrict the personal information we use.  In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk).

Unless subject to an exemption under the GDPR and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR, you have the following rights with respect to your personal data:

  • The right to be informed – you have a right to know how your data will be used by us.
  • The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
  • The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.  Adult members will be able to edit and update some information directly on The Scout Association’s Compass membership system.
  • The right to erasure – this means that you have the right to request that we delete any personal data we have about you. There are some exceptions, for example, some information will be held by The Scout Association for legal reasons.
  • The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
  • The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf. This makes it easier to share information with others.
  • The right to object – you can object to the ways your data is being used.

Rights in relation to automated decision making and profiling – this protects you in cases where decision are being made about you based entirely on automated processes rather than a human input, it’s highly unlikely that this will be used by us.

Website cookies

Forms related cookies

When you submit data through a form such as those found on our contact pages or comment forms, cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties.  The following section details which third party cookies you might encounter through this site.

This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience.  These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Privacy information page.

Embedded content from other websites

Articles on our websites may include embedded content (e.g. videos, images, articles ect.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third party tracking and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged into that website.

Who to contact

If you have any queries relating to this Privacy Notice or our use of your personal data, please contact us by emailing [email protected]

Up dated April 2022